Security/Service
Desk Control Policy
Purpose: The purpose of
this policy is to establish proper procedures and identification for visitors,
employees, vendors, and patients entering Anchor Hospital.
Scope: The scope of the Security/Service
Desk policy is to establish proper procedures in allowing physical entry into
Anchor Hospital.�
Policy: This policy sets
the minimum standard for physical entry into Anchor Hospital to maintain proper
controls for security and privacy. This policy applies to all individuals,
groups, or parties that enter Anchor Hospital.
1.0 Physical controls
1.1 Entry into Anchor
Hospital will require verification and authorization by the front desk
1.2 All individuals
entering Anchor Hospital must be issued a badge and wear the badge in a way as
to allow security to easily view the information printed on it.
1.3 Security/Service Desk
will be positioned at each main entrance of the hospital and where practical.
1.4 No station shall be
left unattended for any extent of time.
1.5 Video surveillance
will be place in a way to view the security/service desks surrounding area
2.0 Proper pass/badge
creation controls
2.1 Every badge must
include the person�s name (first, last), copy of government issued ID, time/date,
and reason for visit.
2.2 Badges may not have
validation past 24 hours. Visitor badges cannot be valid more than 6 hours. Vendors
badges are not valid more than 8 hours.
2.2.1
Exceptions can be made through contacting Security department.
3.0 Access logs
3.1 Physical audit logs
shall be maintained according to the Anchor Hospital audit control policy.
These logs will maintain information including person�s name (first, last),
copy of government issued ID, time/date, and reason for visit.
Roles
and Responsibilities:
1.1 Security/Service desk
is responsible for issuing passes.
1.2 Anchor Hospital
employees and staff are responsible to ensure that proper pass/badge are worn
correctly by individuals.
Guidance:
NST
SP800-53 Revision 5: PE-2 Physical and Environmental Protection
Revisions
|
Date of Change |
Responsible |
Summary of Change |
|
10/31/2022 |
CISO |
Created new policy |
|
|
|
|
Resources:
Rance,
S. (2015, October 8) 5 Reasons the Service Desk Should Care About
Information Security.� https://www.sysaid.com/blog/service-desk/5-reasons-the-service-desk-should-care-about-information-security
Covington,
R. (2015, June 23) Physical Security: The overlooked domain. https://www.csoonline.com/article/2939322/physical-security-the-overlooked-domain.html
NIST
(2022) Security and Privacy Controls for Information Systems and
Organizations.� https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/final